ABA Privacy Policy

Page Content

Effective Date: May 25, 2018

1. Introduction

The American Bankers Association (ABA) is committed to protecting your personal data.

This Privacy Policy applies to the websites, online services and mobile applications controlled by ABA ("ABA," "we," "us," or "our") where this Privacy Policy is posted (the "Services"). This Privacy Policy applies to all users, including both those who use the Services without being registered with or subscribing to an ABA service and those who have registered with or subscribed to an ABA service. Please read this Privacy Policy carefully because by using the Services or purchasing products or services from us, you agree to be bound by this Privacy Policy.

This list includes these sites and their subdomains (but not limited to):

www.aba.com

www.abastonier.com

www.baft.org

bankingjournal.aba.com

store.aba.com (ABA Store)

action.aba.com (Phone2Action)

aba.csod.com (Cornerstone)

2. What Information Do We Collect About You?

The ABA collects (i) personal data voluntarily supplied by you when you register on the Services, and (ii) tracking information collected as you navigate the Services. In particular, the ABA collects the following information from and about you:

Registration information – Registration information is information you submit to register for an ABA service, for example, to create an account, make a purchase, register for an event, enroll in a course, post comments, or receive a newsletter, and may include, but is not limited to, first name, last name, and email address.

Sensitive data – We may collect limited sensitive data related to attendance at ABA events only as provided by you and with your consent, including passport information for visa and security processing; dietary restrictions and disability accommodations information.

Public data and posts – This may consist of comments or content that you post on the Services and the personal information about you that accompanies those posts or content, which may include a name, user name, or comments. Public information and posts are always public, which means they are available to everyone and may be displayed in search results on external search engines.

Research – If you have purchased our products or services or registered for events, education or other programs, we may request that you complete surveys, evaluations form and/or market research and collect your responses.

Activity data – When you access and interact with the ABA services, we may collect certain information about those visits. For example, in order to permit your connection to the ABA services, our servers receive and record information about your computer, device and browser, including potentially your IP address, browser type, and other software or hardware information.

Cookies, web beacons and similar technologies – Cookies are small text files placed on your device that uniquely identify your device and which a website can transfer to a consumer's hard drive to keep records of his or her visit to a website. Web beacons are transparent image files used to monitor your journey around a single website or collection of sites. Web beacons may be used in association with cookies to understand how visitors interact with the pages and content on the pages of a web site. These and related technologies may be used to collect and store information about your usage of the ABA Services, such as pages you have visited, other content you have viewed, search queries you have run and advertisements you have seen. For more information, see Section 9 below.

Protect the rights of the ABA and others. There may be instances when we may disclose your personal information, including situations where we have a good faith belief that such processing is necessary in order to: (i) protect, enforce or defend the legal rights, privacy, safety or property of the ABA, our affiliates or their employees, agents and contractors (including enforcement of our agreements and terms of use); (ii) protect the safety, privacy and security of users of our Services or members of the public; (iii) protect against fraud or for risk management purposes;

Audience Data Providers, who, in certain countries, we may also work with, such as Facebook, Twitter, LinkedIn and others, to receive audience based data (such as pixel traffic and conversion data) from them based on non-identifiable information such as IP addresses;

Competent authorities, including law enforcement, in order to comply with applicable laws or court orders.

6. Is your personal information transferred from abroad?

For individuals located in the European Union (EU) or participating in activities outside of the US that you have consented to, your personal information may be transferred to countries outside the EU, in particular to the United States. Some non-EU countries are recognized by the European Commission as providing an adequate level of data protection according to EU standards. The full list of these countries is available at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EU to countries not considered adequate by the European Commission, we have put in place appropriate and suitable safeguards to protect your personal data and that the transfer of your personal data is in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the EU General Data Protection Regulation 2016/679.

7. What are your rights with regard to your personal information?

We give you choices regarding our use and disclosure of your personal information for marketing purposes. You may withdraw your consent to:

Receiving electronic communications from us – If you no longer want to receive marketing-related emails from us, you may opt-out of receiving these by following the unsubscribe link in our communications or sending a request to the email or postal address in Section 14 of this Privacy Policy.

Our sharing of your personal information with ABA affiliates or business partners for their marketing purposes – If you would prefer that we do not share your personal information with ABA affiliates or business partners for their direct marketing purposes, you may opt-out of this sharing by following the unsubscribe link in the communications or sending a request to the email or postal address in Section 14 of this Privacy Policy.

Additionally EU subjects may:

Obtain confirmation as to whether or not your personal information exists and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;

Request the deletion, anonymization or restriction of the processing of your personal information processed in breach of the applicable law;

Object to the processing, in all cases, or your personal information for legitimate reasons;

Receive an electronic copy of your personal information, if you would like to port your personal information to yourself or a different provider;

Lodge a complaint with the relevant data protection supervisory authority.

The above rights are subject to applicable limitations and restrictions. In certain cases, your request may be denied based on a legitimate exception such as where we are prevented from disclosing such information based on legal requirements, fraud prevention or security concerns, or when we need to maintain the information. For more information or to make a request, please contact privacy@aba.com.

Remember that even after you cancel your account, or if you ask us to delete your personal information, copies of some information from your account may remain viewable in some circumstances where, for examples, you have shared information with other services. We may also retain backup information related to your account on our servers for some time after cancellation or your request for deletion, to comply with applicable law.

8. Your California Privacy Rights

California law permits residents of California to opt-out of the ABA's disclosure of personal information to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your personal information with third parties for marketing purposes at any time by contacting us at privacy@aba.com. Please note that this opt-out does not prohibit disclosures made for non-marketing purposes. California law also permits residents of California to request and obtain from us once per year, free of charge, a list of the third parties (if any) to whom we have disclosed personal information for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to privacy@aba.com. The email subject line must include the phrase "Your California Privacy Rights," and include your name, email address or mailing address.

We do not support "Do Not Track" browser settings and do not currently participate in any Do Not Track frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal information.

9. Cookies

We use, and allow certain third parties to use, cookies, web beacons and other similar technologies to enhance our Services and to help collect data. We, or third parties, may use session cookies or persistent cookies. Session cookies only last for the specific duration of your visit and are deleted when you close your browser. Persistent cookies remain on your device's hard drive until you delete them or they expire at thirteen months. Different cookies are used to perform different functions, which we explain below:

Essential – Some cookies are essential in order to enable you to move around our websites and use their features, such as accessing secure areas of the website. Without these cookies, we cannot enable appropriate content based on the type of device you are using. These cookies allow us to remember choices you make on our websites, such as your preferred language and the country from which you are visiting, and provide enhanced, more personalized features.

Performance and Analytics – We use our own cookies and/or third party cookies to see how you use our websites and services in order to enhance their performance and develop them according to your preferences. We use Google Analytics, for example, to track website usage and activity. You can opt-out of the Google Analytics Advertising Features we use by indicating your preference using the Google Analytics User Deletion Tool here. Google also provides a complete privacy policy and instructions on opting-out of Google Analytics here. Note that Google's opt-out mechanism is specific to Google activities and does not affect the activities of other ad networks or analytics providers that we may use.

Targeted Advertising – We receive audience based data (such as pixel traffic and conversion data) from social media platform providers, including Facebook, LinkedIn and Twitter and others based on non-identifiable information such as IP addresses. We use this information to serve ads to you. To block or limit this activity, please visit the sites below:

Facebook: You should see a link to the opt-out when you select "Why am I seeing this?" when using Facebook. You can also select "Hide all from this advertiser" within Facebook to stop seeing our ads. More information can be found on Facebook's site here: http://www.facebook.com/business/help/1415256572060999

Third Party Advertising and Social Media – We allow other third parties to place cookies on our websites to allow them to show you advertisements both on and off our websites that are more relevant and useful to you. These advertisers and other third parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that users who interact with or click on a personalized ad or content are part of the group that the ad or content is directed towards.

How to Manage Cookies

There are several ways to manage cookies. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. Please note, however, that many of the cookies we use are "strictly necessary" cookies. By blocking or deleting them, you will not be able to access certain features of our Services. For more information about cookies and how to block them, please visit allaboutcookies.org.

In the US, the Network Advertising Initiative also offers a means to opt out of a number of advertising cookies. Please visit www.networkadvertising.org to learn more. Note that opting out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

10. Security; Retention

ABA takes the security and privacy of your personal information seriously. Please be aware, however, that no data transmission over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us. Understand that any information that you transfer to us is done at your own risk. If we learn of a data security systems breach we may attempt to notify you electronically regarding security, privacy, and administrative issues relating to your use of the Services. We may post a notice on the Services if a security breach occurs. We may also send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach.

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

11. Assignment

In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger, you grant us the right to assign the personal information we have collected from you.

12. Links to other websites

The Services contain links to other websites. The ABA is not responsible for the privacy practices of unaffiliated companies, and once you leave the ABA Services, you should read the applicable Privacy Policy of the other service.

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time, so please visit this page periodically and review for changes. We will notify you of material changes to this Privacy Policy by posting a notice on our home page for a reasonable period of time and changing the "Effective Date" above. Your continued use of our Services following the posting of changes will constitute your acceptance of the changed terms.

14. Contact Us

Your visit to the Services is subject to both this Privacy Policy and our Terms of Use, where applicable. If you have any questions, comments or concerns regarding this Privacy Policy, please contact us by email privacy@aba.com or by postal mail at: